Method for source-related risk detection and alert generation

Abstract

A method and system for detecting a source-related risk and generating an alert concerning the source-related risk are disclosed. Criteria of the source-related risk are defined. Thresholds associated with the source-related risk are defined. Every operation on an object is detected. If an operation on an object satisfies a criterion among the criteria or if the operation causes to exceed a threshold among the thresholds, an alert is generated for the operation.

Description

BACKGROUND OF THE INVENTION[0001]1. Fields of the Invention[0002]The present invention generally relates to detecting a source-related risk. More particularly, the present invention relates to detecting a source-related risk during a development of an object.[0003]2. Description of the Prior Art[0004]With a trend of sharing and reusing, objects are composed of pre-existing materials or sub-objects created by a another person (e.g., a co-worker, a programmer working in a different company, etc.). This trend (i.e., sharing and reusing pre-existing materials) applies in software development. In a new software development, developers often leverage pre-existing materials (i.e., any material that has existed before a current development), such as open source code and a third party picture, with benefit of accelerating development progress, saving creation effort, or achieving good quality. However, leveraging pre-existing materials, especially pre-existing code, to the software developme...

AI Technical Summary

Benefits of technology

[0011]Moreover, in current software development projects, developers are often required at the end of software development to sign a “Certificate of Originality”(COO) stating which parts of the code of the software are their own creation, and which parts are from the Open Source or from other developers/authors. Due to a lack of an effective and reliable mechanism to maintain and track source information about code or due to a lack of an effective and reliabl

Problems solved by technology

However, leveraging pre-existing materials, especially pre-existing code, to the software development may also introduce source-related risks (i.e., a copyright issue, a licensing issue, a code pedigree (i.e., code coming from many different sources) issue).

An improper operation on source information of code increases a risk of code contamination, ownership and responsibilities, and increases a difficulty of sharing and reusing the code.

Because of the improper operations (e.g., deleting developer or author's information) on code, a use of pre-existing code, especially code in a public domain, always carries a high risk of code contamination, both in a form of bugs inadvertently created and in a form of virus or worms intentionally produced.

Because of the improper operations (e.g., deleting a copyright term), no matter by an accident or by an intention, during code development, developers may not be aware of a source-related risk or get any alert associated with the source-related risk, so that they have no confidence to share and reuse code.

However, the SCM tools have a limitation of recording source information only at the moment of the check-in/check-out.

That is, the SCM tools only check differences between a check-out version (i.e., code when being obtained) and a check-in version (i.e., code when being stored in a repository), so SCM tools do not check/trace all changes made between a check-out and a check-in.

Furthe

Images